retr0.id/media/bd23a2fb-c7a6-4…

alt text:

Goose chase meme. In the first frame, the goose asks “all the data is encrypted?” In the second, the goose chases a person, asking “encrypted how and with whose keys, motherfucker?”

@196

    • 8ace40@programming.dev
      28 upvotes · 1 year ago

      I’m migrating millions of encrypted credit cards from one platform to another (it’s all in the same company, but different teams, different infra, etc).

      I’m the one responsible for decrypting each card, preparing the data in a CSV, and encrypting that CSV for transit. Other guy is responsible for decrypting it, and loading it into the importer tool. The guy’s technical lead wanted me to generate the pair of keys and send him the private key, since that way I didn’t have to wait for the guy and “besides, it’s all in the same company, we’re like a family here”.

      Of course I didn’t generate the key pair and told them that I didn’t want to ever have access to the private key, but wow. That made me lose a lot of respect for that tech lead.
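The key handling described in the comment above, as an added example that is not part of the original post: the importing side generates the key pair, only the certificate travels, and the exporting side checks its fingerprint before encrypting. The file names, the CN, the 7-day lifetime and the sample CSV are constructed assumptions; the encryption is OpenSSL CMS with AES-256-CBC and RSA-OAEP key wrapping.

```bash
#!/bin/sh
# Added example with constructed names and data; not code from the thread.
set -eu

# Recipient (import team): create the key pair locally; the private key never leaves $1.
recipient_keygen() {            # $1 = recipient-only directory
  mkdir -p "$1" && chmod 700 "$1"
  openssl req -x509 -newkey rsa:3072 -nodes -days 7 -subj "/CN=card-import-demo" \
    -keyout "$1/import.key" -out "$1/import.crt" 2>/dev/null
  chmod 600 "$1/import.key"
}

# SHA-256 fingerprint that the recipient confirms over a separate channel.
cert_fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# Sender (export team): holds only the certificate, and refuses to encrypt to a
# certificate whose fingerprint differs from the one confirmed out of band.
sender_encrypt() {              # $1 = cert, $2 = expected fingerprint, $3 = csv, $4 = output
  [ "$(cert_fingerprint "$1")" = "$2" ] || { echo "fingerprint mismatch" >&2; return 1; }
  openssl cms -encrypt -binary -aes256 -outform DER -in "$3" -out "$4" \
    -recip "$1" -keyopt rsa_padding_mode:oaep
}

# Recipient: decrypt with the private key generated on this side.
recipient_decrypt() {           # $1 = recipient dir, $2 = ciphertext, $3 = output
  openssl cms -decrypt -binary -inform DER -in "$2" -out "$3" \
    -recip "$1/import.crt" -inkey "$1/import.key"
}

demo() {
  local work; work=$(mktemp -d)
  recipient_keygen "$work/recipient"
  mkdir "$work/sender"
  cp "$work/recipient/import.crt" "$work/sender/"      # only the public half moves
  local fp; fp=$(cert_fingerprint "$work/recipient/import.crt")
  # Constructed sample row using a well-known test card number.
  printf 'pan,expiry\n4111111111111111,12/30\n' > "$work/sender/cards.csv"
  sender_encrypt "$work/sender/import.crt" "$fp" "$work/sender/cards.csv" "$work/sender/cards.csv.cms"
  recipient_decrypt "$work/recipient" "$work/sender/cards.csv.cms" "$work/recipient/cards.csv"
  cmp -s "$work/sender/cards.csv" "$work/recipient/cards.csv" && echo "round trip ok"
  rm -rf "$work"
}
demo
```

CBC mode here provides confidentiality only, so the receiving side would still want a separately conveyed checksum or signature over the file before loading it.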

    • verdare [he/him]@beehaw.org
      30 upvotes · 1 year ago

      The fact that you have to enter your iCloud credentials directly into the app was a red flag.

      Security PSA: Don’t enter passwords or other secrets for important accounts directly into a third party UI. This is why we have tokens and federated login. Third parties should never see your Google/Apple/whatever credentials.

      • ALostInquirer@lemm.ee
        6 upvotes · 1 year ago

        Security PSA: Don’t enter passwords or other secrets for important accounts directly into a third party UI.

        By chance, would you (or some other passerby) happen to know how this is handled with the Lemmy apps/interfaces? I’ve been mixed on using them since I’m unclear how they’re handling this info.

        • verdare [he/him]@beehaw.org
          8 upvotes · edited · 1 year ago

          Hmmm, that’s a good point. I did type my Lemmy credentials directly into at least two different apps. I guess it would be better if it redirected to a login page provided by my instance (Beehaw). But I also don’t consider my Lemmy account to be very critical. It’s not a huge deal if it gets compromised, as long as it’s not associated with my real identity.

          EDIT: Also, I use a password manager, so a leak of my randomly generated Lemmy password shouldn’t affect anything else.

      • unalivejoy@lemm.ee
        English · 23 upvotes · 1 year ago

        Many chat apps actually use the Signal protocol for end to end encryption. This includes WhatsApp, Google Messages (RCS), Facebook Messenger, and Skype. iMessage doesn’t seem to use it.

        • LWD@lemm.ee
          16 upvotes · 1 year ago

          Facebook Messenger only uses it for specially marked chats AFAIK, and to initialize one you need to specifically request it. Nothing puts up a red flag like initializing one. Source (Facebook warning)

            • LWD@lemm.ee
              15 upvotes · 1 year ago

              Because the default message form is not encrypted. In order to switch to E2EE you basically shout to Facebook, “hey I’m going to start talking to this person right here, right now, and I don’t want you to know what I’m saying!”

              • AVincentInSpace@pawb.social
                English · 7 upvotes · 1 year ago

                oh, red flag for facebook, that makes sense.

                but then if you care about privacy why touch anything Facebook has made at all?

                • LWD@lemm.ee
                  6 upvotes · 1 year ago

                  I’m not creative enough to come up with a good reason TBH

        • Lemongrab@lemmy.one
          9 upvotes · 1 year ago

          But we also can’t check their process since they are closed source. Also, if they can decrypt in the browser or proprietary app, then they can still read your messages. Browser is vulnerable to other attacks.

    • setVeryLoud(true);@lemmy.ca
      16 upvotes · 1 year ago

      That’s not even Nothing Chats’ biggest problem: it’s that it gets completely MITM’d by going onto some mac mini in some server farm somewhere.

  • gmtom@lemmy.world
    34 upvotes · 1 year ago

    It’s encrypted by changing the font to Wingdings and making the text colour white before sending.

  • JackLSauce@lemmy.world
    21 upvotes · 1 year ago

    Wow wow wow wow wow wow wow wow wow wow wow wow wow wow wow wow wow wow wow wow wow wow… The data are encrypted

      • CoggyMcFee@lemmy.world
        5 upvotes · 1 year ago

        Correct according to whom? The word has a long history of being used with a singular verb. The dictionary indicates it is usually used with a singular verb. Only a small number of people insist on trying to override this.

        Who cares if it is plural in Latin? Once something moves into a new language, it’s not beholden to the old language. We don’t use a plural verb with “spaghetti”. Germans borrowed the word “party” from English and they pluralize it as “partys” — they don’t need to follow our rules for what is now also their word.

        Don’t give in to these people who claim that “data” is supposed to be plural. They are treating a personal preference as a fact.

        • bob_lemon@feddit.de
          2 upvotes · 1 year ago

          To be fair, German (and other languages) borrowing from Italian is a whole can of worms, but you’re right: Borrowed words don’t need to follow all the declension or conjugation rules from their original language.

          See also: Two espressos. One zucchini.